コード例 #1
0
        public override string ResetPassword(string username, string passwordAnswer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException(SR.GetString(SR.Not_configured_to_support_password_resets));
            }

            SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

            string salt;
            int passwordFormat;
            string passwdFromDB;
            int status;
            int failedPasswordAttemptCount;
            int failedPasswordAnswerAttemptCount;
            bool isApproved;
            DateTime lastLoginDate, lastActivityDate;

            GetPasswordWithFormat(username, false, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
                                  out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
            if (status != 0)
            {
                if (IsStatusDueToBadPassword(status))
                {
                    throw new MembershipPasswordException(SR.GetExceptionText(status));
                }
                throw new ProviderException(SR.GetExceptionText(status));
            }

            string encodedPasswordAnswer;
            if (passwordAnswer != null)
            {
                passwordAnswer = passwordAnswer.Trim();
            }
            if (!string.IsNullOrEmpty(passwordAnswer))
                encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, salt);
            else
                encodedPasswordAnswer = passwordAnswer;
            SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");
            string newPassword = GeneratePassword();

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
            OnValidatingPassword(e);

            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                throw new ProviderException(SR.GetString(SR.Membership_Custom_Password_Validation_Failure));
            }

            var dbo = new UserRepository(this.Name, _sqlConnectionString, _commandTimeout);
            var newpassword = EncodePassword(newPassword, passwordFormat, salt);
            if (dbo.ResetPasswordExecute(username, newpassword, passwordFormat, salt, lastActivityDate))
            {
                dbo.PasswordAttemptCountClear(username);
            }
            else
            {
                dbo.FailedPasswordAttemptIncrement(username);

                var user = dbo.GetUser(username);
                if (user.FailedPasswordAnswerAttemptCount >= MaxInvalidPasswordAttempts)
                {
                    dbo.LockAccount(username);
                }
            }
            return newpassword;
        }
コード例 #2
0
        private bool CheckPassword(string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
        {
            string passwdFromDB;
            int status;
            int failedPasswordAttemptCount;
            int failedPasswordAnswerAttemptCount;
            bool isApproved;
            DateTime lastLoginDate, lastActivityDate;

            GetPasswordWithFormat(username, updateLastLoginActivityDate, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
                                  out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
            if (status != 0)
                return false;
            if (!isApproved && failIfNotApproved)
                return false;

            string encodedPasswd = EncodePassword(password, passwordFormat, salt);

            bool isPasswordCorrect = passwdFromDB.Equals(encodedPasswd);

            if (isPasswordCorrect && failedPasswordAttemptCount == 0 && failedPasswordAnswerAttemptCount == 0)
                return true;

            var dbo = new UserRepository(this.Name, _sqlConnectionString, _commandTimeout);
            var user = dbo.GetUser(username);

            // set out parameters
            passwordFormat = (int)user.PasswordFormat;
            salt = user.Salt;
            if (user.IsLockedOut)
                return false;

               DateTime dtNow = DateTime.UtcNow;

            if (!isPasswordCorrect)
            {
                user.FailedPasswordAnswerAttemptWindowStart = user.FailedPasswordAnswerAttemptWindowStart ?? DateTime.UtcNow.AddYears(-2);
                if (dtNow > user.FailedPasswordAnswerAttemptWindowStart.Value.AddMinutes(_passwordAttemptWindow))
                {
                    dbo.PasswordAttemptCountClear(username);
                }
                dbo.FailedPasswordAttemptIncrement(username);

                if (user.FailedPasswordAnswerAttemptCount.GetValueOrDefault() >= failedPasswordAnswerAttemptCount)
                {
                    dbo.LockAccount(username);
                }
            }
            else
            {
                if (user.FailedPasswordAnswerAttemptCount.GetValueOrDefault() > 0 || user.FailedPasswordAnswerAttemptCount.GetValueOrDefault() > 0)
                {
                    dbo.UnlockAccount(username);
                }
            }

            dbo.UpdateLastActivityDate(username);

            return isPasswordCorrect;
        }